cc1110

[Joby Taffey] just rolled out a serial bootloader for the Chipcon CC1110/CC1111 processors. The project is called CCTL and aims to make prototyping with the Girltech IM-ME a bit less tedious. Up until now firmware for the device had to be pushed in with a GoodFET or TI proprietary programmer, which was quite slow. This bootloader makes it possible to push your code via the chip’s serial port at 115200 baud. The pretty pink pager isn’t the only device using these chips, and to prove it [Joby] sent this picture of all the electronics he has on hand running this architecture.

Once the 1KB CCTL bootloader has been flashed to the chip, a serial port or USB to Serial converter can be used as a programmer. [Joby] warns that the Chipcon processors are not 5V tolerant so you need to either use a 3V serial converter or add a level converter into the mix.

CCTL provides the features you’d expect from a bootloader. It uses the chip’s watchdog timer to guard against failure due to broken code, and there is an upgrade mode available at power up. Instructions for use are included in the GitHub repo linked at the top.

The watch connects to the bot wirelessly thanks to a CC1110 development board which relays communications to the on-board Arduino through a serial connection. It looks like it’s a bit of a bother to make slow and precise movements using this setup, but this can probably be changed by tweaking how accelerometer values are interpreted (using a non-linear equation would allow you more control at low speeds without sacrificing top speed for the motors).

Because this is using the same RF hardware that the IM-ME does, we can’t help but wonder if the CC1110 development board could be swapped out for an unused IM-ME dongle?

[Joby] used the OpenBench Logic Sniffer to gain some insight on what’s going on here. The board has two chips on it: a Cypress CY7C63803 USB microcontroller, which talks to the computer over USB, and a Chipcon CC1110 SoC radio, which the Cypress chip communicates with over SPI. It looks like reprogramming the Cypress chip is a no-go, so he went to work on the CC1110. The inter-chip communications data that he acquired by sniffing the SPI lines gave him all he needed to reimplement the protocol using his own firmware. As a proof of concept he reflashed the CC1110 and can now send and receive arbitrary commands from the dongle. There’s a tiny video after the break showing a script on the computer turning the dongle’s LED on and off.

A small, cheap spectrum analyzer with an LCD can be a fun thing to play with. But to be truly useful you need access to raw data, and lots of it. [Travis Goodspeed] set out to make that possible by pulling data with a GoodFET and a Python script.

He started with [Michael Ossmann’s] IM-ME spectrum analyzer, which uses a CC1110 chip. The two of them are giving a lecture at Toorcon 12 (called Real Men Carry Pink Pagers) and this will be used as a demonstration device. After studying the datasheet he found the starting RAM address and did some further work to decipher how the data is stored in it. From there it was a matter of working out the timing for grabbing the data, and coding a method for storing it. Now he’s looking for brave souls to help him trailblaze with this newly-discovered tool. It seems that if you know what you are doing, and have abundant patience, you can use this for a bit of old-fashioned reverse engineering.